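# @summary Gives the main user passwordless sudo by appending a spec to /etc/sudoers.
#
# The Augeas changes below build one sudoers spec for the user with host ALL,
# command ALL, runas user/group ALL and the NOPASSWD tag. This is expected to
# render as `<mainuser> ALL=(ALL:ALL) NOPASSWD: ALL`, so the account can run
# any command as any user without re-authenticating. Anyone who can change the
# `mainuser` value in Hiera therefore decides which account gets that access.
#
# @param mainuser
#   Name written into the sudoers user field. Defaults to the Hiera key
#   `mainuser`. The value is interpolated unquoted into the Augeas `set`
#   command and inside double quotes in the `onlyif` path expression, so
#   empty values and values containing whitespace or quote characters are
#   rejected at compile time instead of producing a malformed command.
class fragments::sudo (
  Pattern[/\A[^\s"']+\z/] $mainuser = lookup('mainuser'),
) {
  # mainuser can use sudo directly without entering a password.
  augeas { "${mainuser} has sudo permision with nopassword needed":
    # Edits the main sudoers file in place, loading only that file with the
    # Sudoers lens.
    incl    => '/etc/sudoers',
    lens    => 'Sudoers.lns',
    changes => [
      # Append a new spec node, then fill in its fields via spec[last()].
      "set spec[last()+1]/user ${mainuser}",
      'set spec[last()]/host_group/host ALL',
      'set spec[last()]/host_group/command ALL',
      'set spec[last()]/host_group/command/runas_user ALL',
      'set spec[last()]/host_group/command/runas_group ALL',
      'set spec[last()]/host_group/command/tag NOPASSWD',
    ],
    # Idempotence guard: apply only when no spec exists for this user yet.
    # Consequences: an existing spec for the same user (even a more
    # restrictive one) is left untouched, and the entry of a previously
    # configured mainuser is not removed when the value changes.
    onlyif  => "match spec/user[.=\"${mainuser}\"] size == 0",
  }

}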